blog/source/_posts/git-sign-commit-ed25519.md

---
title: Sign Git commit with an EdDSA/Ed25519/Curve25519 key
excerpt: Utilise a curve not produced by NIST
date: 2020-07-18
tags:
- security
- gitlab
---

## Generate an Ed25519 key

```
$ gpg --expert --full-generate-key

Please select what kind of key you want:
  (10) ECC (sign only)
Your selection? 10

Please select which elliptic curve you want:
  (1) Curve 25519
Your selection? 1

# Key shouldn't expire (in commit signing)
Please specify how long the key should be valid.
Key is valid for? (0) 0

Key expires at Sun 18 Jul 2021 00:00:00 UTC
Is this correct? (y/N) y

Real name: MDLeom
## GitHub: Go to "https://github.com/settings/emails"
# Look for "xxx@users.noreply.github.com will be used for web-based Git operations"
## GitLab: Go to "https://gitlab.com/profile"
# Look for "Use a private email - xxx@users.noreply.gitlab.com"
## Must include the unique number prefix.
Email address: 123456-curbengh@users.noreply.github.com
# Leave the comment empty
Comment: 
You selected this USER-ID:
  "MDLeom <123456-curbengh@users.noreply.github.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o

# It should be separate from your system password
Enter a password to encrypt private key:

pub   ed25519 2020-07-18 [SC] [expires: 2021-07-18]
      CE44B3CFC4C68B868A7AE868D87953FAD4BB4EC4
uid   MDLeom <123456-curbengh@users.noreply.github.com>
```

## Export public key

```
## Export public key
# Add this public key to your GitHub/GitLab account
gpg --output public.gpg --armor --export CE44B3CFC4C68B868A7AE868D87953FAD4BB4EC4

## Export private key for backup
# The exported key will be encrypted with your password (that you entered during key generation)
# Need to use the same password to import back
gpg --output private.asc --armor --export-secret-key CE44B3CFC4C68B868A7AE868D87953FAD4BB4EC4
```

## Sign Git commit

```
# Enable commit signing in a repository folder
$ git config user.signingkey CE44B3CFC4C68B868A7AE868D87953FAD4BB4EC4

# Commit a change and sign it
$ git commit -S -m "commit message"
```

## See also

- [Curve25519](https://en.wikipedia.org/wiki/Curve25519#Popularity)
- [Dual_EC_DRBG](https://en.wikipedia.org/wiki/Dual_EC_DRBG)
post: Sign Git commit with Ed25519 key 2020-07-18 08:02:40 +00:00			`---`
			`title: Sign Git commit with an EdDSA/Ed25519/Curve25519 key`
			`excerpt: Utilise a curve not produced by NIST`
			`date: 2020-07-18`
			`tags:`
			`- security`
			`- gitlab`
			`---`

			`## Generate an Ed25519 key`

			```
			`$ gpg --expert --full-generate-key`

			`Please select what kind of key you want:`
			`(10) ECC (sign only)`
			`Your selection? 10`

			`Please select which elliptic curve you want:`
			`(1) Curve 25519`
			`Your selection? 1`

post(sign-commit): key should not expire 2020-07-21 05:03:07 +00:00			`# Key shouldn't expire (in commit signing)`
post: Sign Git commit with Ed25519 key 2020-07-18 08:02:40 +00:00			`Please specify how long the key should be valid.`
post(sign-commit): key should not expire 2020-07-21 05:03:07 +00:00			`Key is valid for? (0) 0`
post: Sign Git commit with Ed25519 key 2020-07-18 08:02:40 +00:00
			`Key expires at Sun 18 Jul 2021 00:00:00 UTC`
			`Is this correct? (y/N) y`

			`Real name: MDLeom`
			`## GitHub: Go to "https://github.com/settings/emails"`
			`# Look for "xxx@users.noreply.github.com will be used for web-based Git operations"`
			`## GitLab: Go to "https://gitlab.com/profile"`
			`# Look for "Use a private email - xxx@users.noreply.gitlab.com"`
			`## Must include the unique number prefix.`
			`Email address: 123456-curbengh@users.noreply.github.com`
			`# Leave the comment empty`
			`Comment:`
			`You selected this USER-ID:`
			`"MDLeom <123456-curbengh@users.noreply.github.com>"`

			`Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o`

			`# It should be separate from your system password`
			`Enter a password to encrypt private key:`

			`pub ed25519 2020-07-18 [SC] [expires: 2021-07-18]`
			`CE44B3CFC4C68B868A7AE868D87953FAD4BB4EC4`
			`uid MDLeom <123456-curbengh@users.noreply.github.com>`
			```

			`## Export public key`

			```
			`## Export public key`
			`# Add this public key to your GitHub/GitLab account`
			`gpg --output public.gpg --armor --export CE44B3CFC4C68B868A7AE868D87953FAD4BB4EC4`

			`## Export private key for backup`
			`# The exported key will be encrypted with your password (that you entered during key generation)`
			`# Need to use the same password to import back`
			`gpg --output private.asc --armor --export-secret-key CE44B3CFC4C68B868A7AE868D87953FAD4BB4EC4`
			```

			`## Sign Git commit`

			```
			`# Enable commit signing in a repository folder`
			`$ git config user.signingkey CE44B3CFC4C68B868A7AE868D87953FAD4BB4EC4`

			`# Commit a change and sign it`
			`$ git commit -S -m "commit message"`
			```

			`## See also`

			`- [Curve25519](https://en.wikipedia.org/wiki/Curve25519#Popularity)`
			`- [Dual_EC_DRBG](https://en.wikipedia.org/wiki/Dual_EC_DRBG)`